From 57ca6adaecbc068779bfa278d27d0fae2811d666 Mon Sep 17 00:00:00 2001 From: Kevin Veen-Birkenbach Date: Fri, 12 Sep 2025 02:09:33 +0200 Subject: [PATCH] =?UTF-8?q?MediaWiki:=20runtime=20patch=20for=20LocalSetti?= =?UTF-8?q?ngs.php=20(URL,=20DB,=20lang)=20+=20safe=20quoting=20-=20Add=20?= =?UTF-8?q?03=5Fpatch=5Fsettings.yml=20to=20sync=20$wgServer/$wgCanonicalS?= =?UTF-8?q?erver,=20DB=20vars,=20and=20language=20-=20Use=20single-quoted?= =?UTF-8?q?=20PHP=20strings=20with=20proper=20escaping;=20idempotent=20gre?= =?UTF-8?q?p=20guards=20-=20Wire=20task=20into=20main.yml;=20rename=2003?= =?UTF-8?q?=5Fadmin=E2=86=9204=5Fadmin=20and=2004=5Fextensions=E2=86=9205?= =?UTF-8?q?=5Fextensions?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Ref: https://chatgpt.com/share/68c3649a-e830-800f-a059-fc8eda8f76bb --- .../tasks/03_patch_settings.yml | 65 +++++++++++++++++++ .../tasks/{03_admin.yml => 04_admin.yml} | 0 .../{04_extensions.yml => 05_extensions.yml} | 0 roles/web-app-mediawiki/tasks/main.yml | 7 +- 4 files changed, 70 insertions(+), 2 deletions(-) create mode 100644 roles/web-app-mediawiki/tasks/03_patch_settings.yml rename roles/web-app-mediawiki/tasks/{03_admin.yml => 04_admin.yml} (100%) rename roles/web-app-mediawiki/tasks/{04_extensions.yml => 05_extensions.yml} (100%) diff --git a/roles/web-app-mediawiki/tasks/03_patch_settings.yml b/roles/web-app-mediawiki/tasks/03_patch_settings.yml new file mode 100644 index 00000000..23c8f169 --- /dev/null +++ b/roles/web-app-mediawiki/tasks/03_patch_settings.yml 
@@ -0,0 +1,65 @@
+# roles/web-app-mediawiki/tasks/03_patch_settings.yml
+- name: "MEDIAWIKI | Ensure LocalSettings.php has correct base settings"
+ vars:
+ _lsp_path: "{{ MEDIAWIKI_HTML_DIR }}/LocalSettings.php"
+ _server_url: "{{ MEDIAWIKI_URL | regex_replace('/+$', '') }}"
+ # Pre-escape single quotes for safe insertion into PHP single-quoted strings:
+ _server_url_sq: "{{ _server_url | replace(\"'\", \"'\\\\''\") }}"
+ _db_name_sq: "{{ database_name | replace(\"'\", \"'\\\\''\") }}"
+ _db_user_sq: "{{ database_username | replace(\"'\", \"'\\\\''\") }}"
+ _db_pass_sq: "{{ database_password | replace(\"'\", \"'\\\\''\") }}"
+ _db_host_sq: "{{ (database_host ~ ':' ~ database_port) | replace(\"'\", \"'\\\\''\") }}"
+ _lang_sq: "{{ HOST_LL | replace(\"'\", \"'\\\\''\") }}"
+ shell: |
+ docker exec -u {{ MEDIAWIKI_USER }} {{ MEDIAWIKI_CONTAINER }} bash -lc '
+ set -euo pipefail
+ LSP="{{ _lsp_path }}"
+ SERVER='\''{{ _server_url_sq }}'\''
+ DBNAME='\''{{ _db_name_sq }}'\''
+ DBUSER='\''{{ _db_user_sq }}'\''
+ DBPASS='\''{{ _db_pass_sq }}'\''
+ DBHOST='\''{{ _db_host_sq }}'\''
+ LANG='\''{{ _lang_sq }}'\''
+ [ -f "$LSP" ] || { echo "LocalSettings.php not found, skipping."; exit 0; }
+
+ need=0
+
+ check_line() {
+ local key="$1" val="$2"
+ grep -Eq "^[[:space:]]*\$${key}[[:space:]]*=[[:space:]]*'\''${val}'\'';" "$LSP" || need=1
+ }
+
+ check_line wgServer "$SERVER"
+ check_line wgCanonicalServer "$SERVER"
+ check_line wgDBname "$DBNAME"
+ check_line wgDBuser "$DBUSER"
+ check_line wgDBpassword "$DBPASS"
+ check_line wgDBserver "$DBHOST"
+ check_line wgLanguageCode "$LANG"
+
+ if [ "$need" -eq 1 ]; then
+ tmp="$(mktemp)"
+ # Remove any existing definitions for these keys
+ grep -Ev "^[[:space:]]*\$(wgServer|wgCanonicalServer|wgDBname|wgDBuser|wgDBpassword|wgDBserver|wgLanguageCode)[[:space:]]*=" "$LSP" > "$tmp" || true
+
+ {
+ printf "\n\$wgServer = '\''%s'\'';\n" "$SERVER"
+ printf "\$wgCanonicalServer = '\''%s'\'';\n" "$SERVER"
+ printf "\$wgDBname = '\''%s'\'';\n"
"$DBNAME" + printf "\$wgDBuser = '\''%s'\'';\n" "$DBUSER" + printf "\$wgDBpassword = '\''%s'\'';\n" "$DBPASS" + printf "\$wgDBserver = '\''%s'\'';\n" "$DBHOST" + printf "\$wgLanguageCode = '\''%s'\'';\n" "$LANG" + } >> "$tmp" + + cat "$tmp" > "$LSP" + rm -f "$tmp" + echo CHANGED + fi + ' + args: + executable: /bin/bash + register: mw_lsp_update + changed_when: "'CHANGED' in (mw_lsp_update.stdout | default(''))" + failed_when: mw_lsp_update.rc != 0 + no_log: "{{ MASK_CREDENTIALS_IN_LOGS | bool }}" diff --git a/roles/web-app-mediawiki/tasks/03_admin.yml b/roles/web-app-mediawiki/tasks/04_admin.yml similarity index 100% rename from roles/web-app-mediawiki/tasks/03_admin.yml rename to roles/web-app-mediawiki/tasks/04_admin.yml diff --git a/roles/web-app-mediawiki/tasks/04_extensions.yml b/roles/web-app-mediawiki/tasks/05_extensions.yml similarity index 100% rename from roles/web-app-mediawiki/tasks/04_extensions.yml rename to roles/web-app-mediawiki/tasks/05_extensions.yml diff --git a/roles/web-app-mediawiki/tasks/main.yml b/roles/web-app-mediawiki/tasks/main.yml index 3e30847d..a88c18bc 100644 --- a/roles/web-app-mediawiki/tasks/main.yml +++ b/roles/web-app-mediawiki/tasks/main.yml @@ -22,11 +22,14 @@ require_path: "{{ MEDIAWIKI_LOCAL_PATH }}/debug.php" when: MODE_DEBUG | bool +- name: "MEDIAWIKI | Sync LocalSettings.php with Ansible vars" + include_tasks: 03_patch_settings.yml + - name: "Load admin setup procedures for '{{ application_id }}''" - include_tasks: 03_admin.yml + include_tasks: 04_admin.yml - name: "Load extensions procedures for '{{ application_id }}''" - include_tasks: "04_extensions.yml" + include_tasks: "05_extensions.yml" when: MEDIAWIKI_OIDC_ENABLED | bool - name: "OIDC | Ensure require_once(oidc.php) present"
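Review bot: In `03_patch_settings.yml` the `replace("'", "'\\''")` pre-escaping in `vars` covers only one of the two shell layers the values pass through, and nothing escapes them for PHP, so a `database_password` (or any other value) containing `'` or `\` is not handled safely. The host shell consumes each `'\''` while parsing the `bash -lc '…'` argument, so the inner script receives a bare `'` that ends the `DBPASS='…'` assignment early, and the `printf … "$DBPASS"` lines then write the value into LocalSettings.php without `\'`/`\\` escaping, despite the comment and commit message describing PHP-safe quoting. The same values are used as regex text in `check_line`, and the whole script, password included, sits on the `docker exec` command line, where `no_log` does not keep it out of the host's process list. The sketch below passes the values through `environment:` and `docker exec -e NAME`, feeds the script on stdin, and does the PHP escaping inside the container, which removes every templating-into-shell step; it also renames `LANG`, which shadows the locale variable, and it drops the login-shell `-l` flag, so confirm nothing relies on profile scripts.

```yaml
  environment:
    # Values travel as environment variables, never as script text.
    MW_SERVER: "{{ MEDIAWIKI_URL | regex_replace('/+$', '') }}"
    MW_DBNAME: "{{ database_name }}"
    MW_DBUSER: "{{ database_username }}"
    MW_DBPASS: "{{ database_password }}"
    MW_DBHOST: "{{ database_host ~ ':' ~ database_port }}"
    MW_LANGCODE: "{{ HOST_LL }}"
  shell: |
    docker exec -i -u {{ MEDIAWIKI_USER }} \
      -e MW_SERVER -e MW_DBNAME -e MW_DBUSER -e MW_DBPASS -e MW_DBHOST -e MW_LANGCODE \
      {{ MEDIAWIKI_CONTAINER }} bash -s <<'EOS'
    set -euo pipefail
    # PHP single-quoted literal: escape backslashes first, then single quotes.
    php_sq() { printf '%s' "$1" | sed -e 's/\\/\\\\/g' -e "s/'/\\\\'/g"; }
    SERVER="$(php_sq "$MW_SERVER")"
    DBNAME="$(php_sq "$MW_DBNAME")"
    DBUSER="$(php_sq "$MW_DBUSER")"
    DBPASS="$(php_sq "$MW_DBPASS")"
    DBHOST="$(php_sq "$MW_DBHOST")"
    LANGCODE="$(php_sq "$MW_LANGCODE")"
    # … unchanged: LSP assignment and existence check …
    check_line() {
      # Fixed-string, whole-line match: the value is data, not a regex.
      grep -Fxq -- "\$$1 = '$2';" "$LSP" || need=1
    }
    # … unchanged: check_line calls and the rewrite of LocalSettings.php
    #   (plain ' instead of '\'' inside the heredoc, $LANGCODE instead of $LANG) …
    EOS
```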